Windows Firewall Auto Blocking With Wazuh - Auto Block Connections to Malicious IPs with Wazuh!

9,971 views

Taylor Walton


Comments: 12
@guillermomariel4772 1 year ago
Taylor, good video, I have a question, the result that MISP gives me in data.misp.value is the name of the domain, not the IP address of the malicious domain. What do I have to modify to obtain the IP and trigger the event to generate the rule in the firewall? Cheers and thanks for your time!
@Sebas-lk3jv 1 year ago
How about blocking IPs from brute-force attacks? It seems to be the most common attack on Windows.
@alejandroparrello6493 1 year ago
Hi dear Taylor! Wish you are well! Excellent work! Could you tell me why it needed PS7 for this purpose? Doesn't it work with the built-in one? Thank you in advance! Regards from Argentina! 😉🙌
@МаксимКиселёв-б9з 10 months ago
Taylor, good video, I have a question, the result that MISP gives me in data.misp.value is the name of the domain, not the IP address of the malicious domain. What do I have to modify to obtain the IP and trigger the event to generate the rule in the firewall?
@gufrankhan3007 1 year ago
@Taylor I am following your vids but I am not able to find the MISP value, even in security events. Has this changed now?
@waynescroggins4057 8 months ago
I love the video, but I am running into an issue. Instead of using MISP, I simply wanted to block on either rule 60122 or 60204, but it does not appear that either is firing the firewall.cmd at all. Did I miss something? My installation is the all-in-one vanilla and my agents were installed with the PowerShell command, but even when I change the executable to the restart Wazuh agent, I do not see it function. It feels like there is one switch somewhere that I need to set, but I see none anywhere. Can you assist? Thanks
@naseraslam92 2 years ago
Well explained, Thank you so much, it is very helpful especially for beginners.
@byt3b4dger 2 years ago
Hello together, first of all many thanks for the very informative videos! I'm stuck on one problem...how can I search all agents for a specific installed software? As an example: I want to know on which hosts Firefox is installed. Can this be done via a visualization or via API and if so, how? Thanks in advance and keep up the good work!
@ChrisForbes509 2 years ago
OSQuery?
@zenitsuagatsuma3264 2 years ago
Hello Sir, really liked your videos! Can we only add the IP address that matched with MISP entries, with no removal from Windows Firewall after the set time, in order to permanently block the IP? If yes, can you send some guide please :)
@taylorwalton_socfortress 2 years ago
Sure can, just set the section to no